Carol's computer is being brute-force attacked with DDoS across several PCs and she wants Bob to rdesktop into the server and take a look at things really REALLY soon. Bob therefore picks up his Ducati and drives home at lightspeed. He is in such a hurry that he fails 3 times to type the 20-character password correctly and is blocked out. What is he going to say to Carol? If Carol is a paying customer, he's surely not going to say something like: "I could not prevent your server from being hijacked because I was blocked by your silly rdesktop server."
I just set up remote desktop on my Windows 7 machine. I am pretty sure it is vulnerable to brute-force attacks. I haven't found the setting yet, but somewhere there is a setting to disable logons if someone puts in the wrong password, like if you fail 3 times you won't be able to log on for a set time.
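
The setting the second post is looking for is the Windows account lockout policy. The following is an added example, not code from either poster: it reads the current local policy with `secedit` and then applies a lockout after 3 failed logons with `net accounts`. The 3-attempt threshold comes from the post; the 15-minute values and the temporary file name are assumptions.

```powershell
# Added example: audit and set the local account lockout policy.
# Run from an elevated PowerShell prompt on the machine that accepts RDP logons.
$Threshold = 3     # failed logons before the account locks (value from the post)
$Minutes   = 15    # assumed: lockout duration and failed-logon counter window

# Export the current local security policy to a temporary INF file.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'   # assumed file name
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

# Collect the three lockout keys from the export.
# LockoutDuration can be -1 (locked until an administrator unlocks the account).
$policy = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $cfg

# A missing key or a value of 0 means lockout is switched off.
if (-not $policy.ContainsKey('LockoutBadCount') -or $policy['LockoutBadCount'] -eq 0) {
    Write-Output 'Account lockout is disabled: failed logons are never throttled.'
} else {
    Write-Output ("Current policy: lock after {0} failed logons, duration {1} min, counter reset after {2} min." -f `
        $policy['LockoutBadCount'], $policy['LockoutDuration'], $policy['ResetLockoutCount'])
}

# Apply the new policy. The duration must be at least as long as the window.
net accounts "/lockoutthreshold:$Threshold" "/lockoutwindow:$Minutes" "/lockoutduration:$Minutes"

# Print the resulting policy for confirmation.
net accounts
```

The same three values appear in the Local Security Policy console (`secpol.msc`) under Account Policies, Account Lockout Policy. A short duration limits password guessing while keeping the wait after mistyped passwords, as in the first post's scenario, bounded.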